package org.eclipse.kura.linux.net.iptables;

import java.io.File;
import java.io.FileWriter;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Set;
import org.eclipse.kura.KuraErrorCode;
import org.eclipse.kura.KuraException;
import org.eclipse.kura.core.util.ProcessUtil;
import org.eclipse.kura.core.util.SafeProcess;
import org.eclipse.kura.net.IP4Address;
import org.eclipse.kura.net.IPAddress;
import org.eclipse.kura.net.NetworkPair;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/eclipse/kura/linux/net/iptables/LinuxFirewall.class */
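/**
 * Singleton that holds the firewall rule sets of this host in memory (local, port-forward,
 * automatic NAT and manual NAT rules) and pushes them to iptables through {@link IptablesConfig}.
 *
 * <p>Every mutator that changes a rule set ends in {@link #update()}, which writes the rules to a
 * staging file, restores iptables from it, sets the kernel IPv4 forwarding switch, runs the
 * optional custom script and finally saves the configuration.
 *
 * <p>Thread-safety: only the apply-and-save sequence in {@link #update()} is serialized on
 * {@code lock}. The rule sets themselves are modified outside that lock.
 *
 * <p>NOTE(review): this listing was recovered by a decompiler; parameter names such as
 * {@code str}/{@code str2} are not the original ones.
 */
public class LinuxFirewall {
    private static LinuxFirewall linuxFirewall;
    private static final String IP_FORWARD_FILE_NAME = "/proc/sys/net/ipv4/ip_forward";
    private static final String FIREWALL_CONFIG_FILE_NAME = "/etc/sysconfig/iptables";
    private static final String CUSTOM_FIREWALL_SCRIPT_NAME = "/etc/init.d/firewall_cust";
    private Set<LocalRule> localRules;
    private Set<PortForwardRule> portForwardRules;
    private Set<NATRule> autoNatRules;
    private Set<NATRule> natRules;
    private boolean allowIcmp;
    private boolean allowForwarding;
    private static final Logger logger = LoggerFactory.getLogger(LinuxFirewall.class);
    // Monitor for update(); final so the object being locked on can never be swapped out.
    private static final Object lock = new Object();

    /**
     * Creates the singleton: when no saved iptables file exists yet, calls
     * {@code IptablesConfig.applyBlockPolicy()} and saves the result, then loads the rule sets via
     * {@link #initialize()}.
     *
     * <p>Both steps only log on failure. NOTE(review): if {@link #initialize()} fails, the rule
     * sets stay {@code null} and the instance is still handed out by {@link #getInstance()};
     * later mutators then either fail with a wrapped NullPointerException or return silently
     * ({@link #deletePortForwardRule}, {@link #deleteAutoNatRule}). Callers cannot tell from here
     * whether the firewall was actually loaded.
     */
    private LinuxFirewall() {
        try {
            File file = new File(FIREWALL_CONFIG_FILE_NAME);
            if (file.exists()) {
                logger.debug("{} file already exists", file);
            } else {
                // No saved configuration: install the block policy and persist it
                // (presumably a default-deny baseline; confirm in IptablesConfig).
                IptablesConfig.applyBlockPolicy();
                IptablesConfig.save();
            }
        } catch (Exception e) {
            logger.error("cannot create or read file", e);
        }
        try {
            initialize();
        } catch (KuraException e2) {
            logger.error("failed to initialize LinuxFirewall", e2);
        }
    }

    /**
     * Returns the process-wide instance, creating it on first use.
     *
     * <p>Synchronized so that two threads racing on the first call cannot each construct an
     * instance (the constructor touches the saved iptables file and restores iptables) and end up
     * holding diverging rule sets.
     *
     * @return the shared firewall instance
     */
    public static synchronized LinuxFirewall getInstance() {
        if (linuxFirewall == null) {
            linuxFirewall = new LinuxFirewall();
        }
        return linuxFirewall;
    }

    /**
     * Restores iptables through a fresh {@link IptablesConfig} and takes over the rule sets it
     * reports. ICMP is reset to allowed and forwarding to disabled, whatever the restored
     * configuration contained.
     *
     * @throws KuraException propagated from {@link IptablesConfig}
     */
    public void initialize() throws KuraException {
        logger.debug("initialize() :: initializing firewall ...");
        IptablesConfig iptablesConfig = new IptablesConfig();
        iptablesConfig.restore();
        this.localRules = iptablesConfig.getLocalRules();
        this.portForwardRules = iptablesConfig.getPortForwardRules();
        this.autoNatRules = iptablesConfig.getAutoNatRules();
        this.natRules = iptablesConfig.getNatRules();
        this.allowIcmp = true;
        this.allowForwarding = false;
        logger.debug("initialize() :: Parsing current firewall configuraion");
    }

    /**
     * Builds one {@link LocalRule} and adds it through {@link #addLocalRules(List)}.
     *
     * <p>When either the permitted network or its prefix is missing, the rule is built for
     * {@code 0.0.0.0/0}.
     *
     * <p>NOTE(review): the string arguments are handed to {@link LocalRule} unchanged; whether
     * they are validated before they reach the iptables configuration depends on
     * {@code LocalRule}/{@code IptablesConfig}, which are not visible here.
     *
     * @param i first LocalRule constructor argument (presumably the port; confirm)
     * @param str second LocalRule constructor argument (presumably the protocol; confirm)
     * @param str2 permitted network address, or {@code null} for any
     * @param str3 permitted network prefix length, or {@code null} for any
     * @param str4 fourth LocalRule argument (presumably the permitted interface; confirm)
     * @param str5 fifth LocalRule argument (presumably the unpermitted interface; confirm)
     * @param str6 sixth LocalRule argument (presumably the permitted MAC; confirm)
     * @param str7 seventh LocalRule argument (presumably the source port range; confirm)
     * @throws KuraException wrapping any failure, including unparsable address or prefix
     */
    public void addLocalRule(int i, String str, String str2, String str3, String str4, String str5, String str6, String str7) throws KuraException {
        try {
            LocalRule localRule;
            if (str2 == null || str3 == null) {
                // Fix: this branch used to pass str4 twice, silently dropping str5, so a rule
                // given without a network lost its fifth argument. Both branches now forward the
                // same arguments. The IP4Address cast rejects a non-IPv4 address here instead of
                // letting it slip into a NetworkPair<IP4Address> unchecked.
                localRule = new LocalRule(i, str, new NetworkPair<IP4Address>((IP4Address) IPAddress.parseHostAddress("0.0.0.0"), (short) 0), str4, str5, str6, str7);
            } else {
                logger.debug("permittedNetwork: {}", str2);
                logger.debug("permittedNetworkPrefix: {}", str3);
                localRule = new LocalRule(i, str, new NetworkPair<IP4Address>((IP4Address) IPAddress.parseHostAddress(str2), Short.parseShort(str3)), str4, str5, str6, str7);
            }
            List<LocalRule> rules = new ArrayList<>();
            rules.add(localRule);
            addLocalRules(rules);
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Adds every rule of {@code list} that is not already present and, if at least one was added,
     * applies the configuration.
     *
     * @param list rules to add
     * @throws KuraException wrapping any failure
     */
    public void addLocalRules(List<LocalRule> list) throws KuraException {
        try {
            boolean changed = false;
            for (LocalRule localRule : list) {
                if (containsRule(this.localRules, localRule)) {
                    logger.warn("Not adding local rule that is already present: {}", localRule.toString());
                } else {
                    // The explicit toString() also rejects a null rule before it reaches the set.
                    logger.info("Adding local rule to firewall configuration: {}", localRule.toString());
                    this.localRules.add(localRule);
                    changed = true;
                }
            }
            if (changed) {
                update();
            }
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Builds one {@link PortForwardRule} and adds it through {@link #addPortForwardRules(List)}.
     * A {@code null} {@code str6} is passed to the rule as {@code -1}.
     *
     * <p>All other arguments are forwarded to the {@link PortForwardRule} constructor in the
     * order given; their meaning is defined there.
     *
     * @param str6 numeric string parsed with {@link Short#parseShort(String)}, or {@code null}
     *             (presumably the permitted network prefix; confirm)
     * @throws KuraException wrapping any failure, including an unparsable {@code str6}
     */
    public void addPortForwardRule(String str, String str2, String str3, String str4, int i, int i2, boolean z, String str5, String str6, String str7, String str8) throws KuraException {
        try {
            int parsed = str6 != null ? Short.parseShort(str6) : -1;
            List<PortForwardRule> rules = new ArrayList<>();
            rules.add(new PortForwardRule(str, str2, str3, str4, i, i2, z, str5, parsed, str7, str8));
            addPortForwardRules(rules);
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Adds every rule of {@code list} that is not already present. If at least one was added,
     * forwarding is switched on and the configuration is applied.
     *
     * @param list rules to add
     * @throws KuraException wrapping any failure
     */
    public void addPortForwardRules(List<PortForwardRule> list) throws KuraException {
        try {
            boolean changed = false;
            for (PortForwardRule portForwardRule : list) {
                if (containsRule(this.portForwardRules, portForwardRule)) {
                    logger.warn("Not adding port forward rule that is already present: {}", portForwardRule.toString());
                } else {
                    logger.info("Adding port forward rule to firewall configuration: {}", portForwardRule.toString());
                    this.portForwardRules.add(portForwardRule);
                    changed = true;
                }
            }
            if (changed) {
                this.allowForwarding = true;
                update();
            }
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Adds an automatic NAT rule. A missing source or destination interface is only logged as a
     * warning; nothing is added and no exception is thrown.
     *
     * @param str source interface name
     * @param str2 destination interface name
     * @param z third NATRule constructor argument (presumably the masquerade flag; confirm)
     * @throws KuraException wrapping any failure while adding the rule
     */
    public void addNatRule(String str, String str2, boolean z) throws KuraException {
        if (str == null || str.isEmpty()) {
            logger.warn("Can't add auto NAT rule - source interface not specified");
            return;
        }
        if (str2 == null || str2.isEmpty()) {
            logger.warn("Can't add auto NAT rule - destination interface not specified");
            return;
        }
        try {
            List<NATRule> rules = new ArrayList<>();
            rules.add(new NATRule(str, str2, z));
            addAutoNatRules(rules);
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Adds a manual NAT rule. A missing source or destination interface is only logged as a
     * warning; nothing is added and no exception is thrown.
     *
     * @param str source interface name
     * @param str2 destination interface name
     * @param str3 third NATRule constructor argument (meaning defined by NATRule)
     * @param str4 fourth NATRule constructor argument (meaning defined by NATRule)
     * @param str5 fifth NATRule constructor argument (meaning defined by NATRule)
     * @param z sixth NATRule constructor argument (presumably the masquerade flag; confirm)
     * @throws KuraException wrapping any failure while adding the rule
     */
    public void addNatRule(String str, String str2, String str3, String str4, String str5, boolean z) throws KuraException {
        if (str == null || str.isEmpty()) {
            logger.warn("Can't add NAT rule - source interface not specified");
            return;
        }
        if (str2 == null || str2.isEmpty()) {
            logger.warn("Can't add NAT rule - destination interface not specified");
            return;
        }
        try {
            List<NATRule> rules = new ArrayList<>();
            rules.add(new NATRule(str, str2, str3, str4, str5, z));
            addNatRules(rules);
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Adds the given rules to the automatic NAT set.
     *
     * @param list rules to add
     * @throws KuraException wrapping any failure
     */
    public void addAutoNatRules(List<NATRule> list) throws KuraException {
        addNatRules(list, this.autoNatRules);
    }

    /**
     * Adds the given rules to the manual NAT set.
     *
     * @param list rules to add
     * @throws KuraException wrapping any failure
     */
    public void addNatRules(List<NATRule> list) throws KuraException {
        addNatRules(list, this.natRules);
    }

    /**
     * Adds every rule of {@code list} that is not already in {@code set}. If at least one was
     * added, forwarding is switched on and the configuration is applied.
     *
     * <p>The log messages say "auto NAT" for both the automatic and the manual set.
     */
    private void addNatRules(List<NATRule> list, Set<NATRule> set) throws KuraException {
        try {
            boolean changed = false;
            for (NATRule nATRule : list) {
                if (containsRule(set, nATRule)) {
                    logger.warn("Not adding auto nat rule that is already present: {}", nATRule.toString());
                } else {
                    logger.info("Adding auto NAT rule to firewall configuration: {}", nATRule.toString());
                    set.add(nATRule);
                    changed = true;
                }
            }
            if (changed) {
                this.allowForwarding = true;
                update();
            }
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Returns the live internal set of local rules, not a copy. Changes made through the
     * returned set alter the firewall state without triggering {@link #update()}.
     *
     * @return the internal local rule set (may be {@code null} if initialization failed)
     * @throws KuraException never thrown by this implementation; kept for the signature
     */
    public Set<LocalRule> getLocalRules() throws KuraException {
        return this.localRules;
    }

    /**
     * Returns the live internal set of port-forward rules, not a copy.
     *
     * @return the internal port-forward rule set (may be {@code null} if initialization failed)
     * @throws KuraException never thrown by this implementation; kept for the signature
     */
    public Set<PortForwardRule> getPortForwardRules() throws KuraException {
        return this.portForwardRules;
    }

    /**
     * Returns the live internal set of automatic NAT rules, not a copy.
     *
     * @return the internal automatic NAT rule set (may be {@code null})
     * @throws KuraException never thrown by this implementation; kept for the signature
     */
    public Set<NATRule> getAutoNatRules() throws KuraException {
        return this.autoNatRules;
    }

    /**
     * Returns the live internal set of manual NAT rules, not a copy.
     *
     * @return the internal manual NAT rule set (may be {@code null} if initialization failed)
     * @throws KuraException never thrown by this implementation; kept for the signature
     */
    public Set<NATRule> getNatRules() throws KuraException {
        return this.natRules;
    }

    /**
     * Removes one local rule and applies the configuration, whether or not the rule was present.
     *
     * @param localRule rule to remove
     * @throws KuraException wrapping any failure
     */
    public void deleteLocalRule(LocalRule localRule) throws KuraException {
        try {
            this.localRules.remove(localRule);
            update();
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Removes one port-forward rule and applies the configuration. Forwarding is switched off
     * only when all three forwarding-related sets are non-null and empty afterwards. Does nothing
     * when the port-forward set is {@code null}.
     *
     * @param portForwardRule rule to remove
     * @throws KuraException wrapping any failure
     */
    public void deletePortForwardRule(PortForwardRule portForwardRule) throws KuraException {
        if (this.portForwardRules == null) {
            return;
        }
        try {
            this.portForwardRules.remove(portForwardRule);
            if (isEmptyNonNull(this.autoNatRules) && isEmptyNonNull(this.natRules) && isEmptyNonNull(this.portForwardRules)) {
                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Removes one automatic NAT rule and applies the configuration. Forwarding is switched off
     * only when all three forwarding-related sets are non-null and empty afterwards. Does nothing
     * when the automatic NAT set is {@code null}.
     *
     * @param nATRule rule to remove
     * @throws KuraException wrapping any failure
     */
    public void deleteAutoNatRule(NATRule nATRule) throws KuraException {
        if (this.autoNatRules == null) {
            return;
        }
        try {
            this.autoNatRules.remove(nATRule);
            if (isEmptyNonNull(this.autoNatRules) && isEmptyNonNull(this.natRules) && isEmptyNonNull(this.portForwardRules)) {
                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Clears all local rules and applies the configuration.
     *
     * @throws KuraException wrapping any failure
     */
    public void deleteAllLocalRules() throws KuraException {
        try {
            this.localRules.clear();
            update();
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Clears all port-forward rules and applies the configuration. Forwarding is switched off
     * when both NAT sets are non-null and empty.
     *
     * @throws KuraException wrapping any failure
     */
    public void deleteAllPortForwardRules() throws KuraException {
        try {
            this.portForwardRules.clear();
            if (isEmptyNonNull(this.autoNatRules) && isEmptyNonNull(this.natRules)) {
                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Replaces the <em>automatic</em> NAT rule set (despite the method name, the manual NAT set
     * is untouched), recomputes the forwarding flag and applies the configuration. Here a
     * {@code null} set counts as empty.
     *
     * <p>NOTE(review): a {@code null} argument is stored as-is, after which
     * {@link #deleteAllAutoNatRules()} fails and {@link #deleteAutoNatRule} becomes a no-op.
     *
     * @param linkedHashSet the new automatic NAT rules
     * @throws KuraException wrapping any failure
     */
    public void replaceAllNatRules(LinkedHashSet<NATRule> linkedHashSet) throws KuraException {
        try {
            this.autoNatRules = linkedHashSet;
            boolean nothingToForward = isNullOrEmpty(this.autoNatRules) && isNullOrEmpty(this.natRules) && isNullOrEmpty(this.portForwardRules);
            this.allowForwarding = !nothingToForward;
            update();
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Clears all automatic NAT rules and applies the configuration. Forwarding is switched off
     * when the manual NAT and port-forward sets are non-null and empty.
     *
     * @throws KuraException wrapping any failure
     */
    public void deleteAllAutoNatRules() throws KuraException {
        try {
            this.autoNatRules.clear();
            if (isEmptyNonNull(this.natRules) && isEmptyNonNull(this.portForwardRules)) {
                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Clears all manual NAT rules and applies the configuration. Forwarding is switched off when
     * the automatic NAT and port-forward sets are non-null and empty.
     *
     * @throws KuraException wrapping any failure
     */
    public void deleteAllNatRules() throws KuraException {
        try {
            this.natRules.clear();
            if (isEmptyNonNull(this.autoNatRules) && isEmptyNonNull(this.portForwardRules)) {
                this.allowForwarding = false;
            }
            update();
        } catch (Exception e) {
            // Was catch (KuraException): a null natRules escaped as a raw NullPointerException,
            // unlike every sibling delete method.
            throw internalError(e);
        }
    }

    /**
     * Clears the local, port-forward and automatic NAT rule sets, then applies the configuration.
     * Each clear already applies on its own, so iptables is reloaded several times and passes
     * through the intermediate states. Manual NAT rules are not cleared.
     *
     * @throws KuraException wrapping any failure
     */
    public void blockAllPorts() throws KuraException {
        deleteAllLocalRules();
        deleteAllPortForwardRules();
        deleteAllAutoNatRules();
        update();
    }

    /**
     * NOTE(review): the body is identical to {@link #blockAllPorts()}; it removes rules and opens
     * nothing. Confirm what callers expect before relying on the name.
     *
     * @throws KuraException wrapping any failure
     */
    public void unblockAllPorts() throws KuraException {
        deleteAllLocalRules();
        deleteAllPortForwardRules();
        deleteAllAutoNatRules();
        update();
    }

    /**
     * Writes the current rule sets to the staging file, restores iptables from it, sets the
     * kernel forwarding switch and runs the custom script. Forwarding is forced on whenever any
     * port-forward or NAT rule exists, overriding an earlier {@link #disableForwarding()}.
     *
     * <p>NOTE(review): the staging path is {@code IptablesConfig.FIREWALL_TMP_CONFIG_FILE_NAME},
     * defined outside this file. If it sits in a directory other users can write to, the file
     * could be replaced between save and restore; confirm its location and permissions.
     */
    private void applyRules() throws KuraException {
        if ((this.portForwardRules != null && !this.portForwardRules.isEmpty()) || ((this.autoNatRules != null && !this.autoNatRules.isEmpty()) || (this.natRules != null && !this.natRules.isEmpty()))) {
            this.allowForwarding = true;
        }
        new IptablesConfig(this.localRules, this.portForwardRules, this.autoNatRules, this.natRules, this.allowIcmp).save(IptablesConfig.FIREWALL_TMP_CONFIG_FILE_NAME);
        IptablesConfig.restore(IptablesConfig.FIREWALL_TMP_CONFIG_FILE_NAME);
        logger.debug("Managing port forwarding...");
        enableForwarding(this.allowForwarding);
        runCustomFirewallScript();
    }

    /**
     * Writes {@code 1} or {@code 0} to the kernel's IPv4 forwarding switch.
     *
     * @param z {@code true} to enable forwarding, {@code false} to disable it
     * @throws KuraException wrapping any failure to open or write the file
     */
    private static void enableForwarding(boolean z) throws KuraException {
        // try-with-resources replaces the decompiler's hand-expanded close/addSuppressed logic,
        // which rethrew a bare Throwable and did not compile.
        try (FileWriter fileWriter = new FileWriter(IP_FORWARD_FILE_NAME)) {
            fileWriter.write(z ? '1' : '0');
        } catch (Exception e) {
            throw internalError(e);
        }
    }

    /**
     * Runs the optional custom firewall script through {@code sh} if the file exists, waits for
     * it and always destroys the process handle afterwards.
     *
     * <p>The script executes with the privileges of this JVM on every firewall update, so write
     * access to that path is equivalent to command execution at that privilege level; it should
     * be owned by the same account and not writable by others. The exit status is discarded, so a
     * failing script is not reported.
     *
     * @throws KuraException wrapping any failure to start or wait for the script
     */
    private static void runCustomFirewallScript() throws KuraException {
        SafeProcess safeProcess = null;
        try {
            if (new File(CUSTOM_FIREWALL_SCRIPT_NAME).exists()) {
                logger.info("Running custom firewall script - {}", CUSTOM_FIREWALL_SCRIPT_NAME);
                safeProcess = ProcessUtil.exec("sh " + CUSTOM_FIREWALL_SCRIPT_NAME);
                safeProcess.waitFor();
            }
        } catch (Exception e) {
            if (e instanceof InterruptedException) {
                // Keep the interrupt visible to the caller's thread instead of swallowing it.
                Thread.currentThread().interrupt();
            }
            throw internalError(e);
        } finally {
            if (safeProcess != null) {
                ProcessUtil.destroy(safeProcess);
            }
        }
    }

    /**
     * Applies the current in-memory configuration.
     *
     * @throws KuraException propagated from {@link #update()}
     */
    public void enable() throws KuraException {
        update();
    }

    /**
     * Clears all iptables chains via {@link IptablesConfig#clearAllChains()}. The in-memory rule
     * sets are kept, and the call is not serialized with {@link #update()}.
     *
     * @throws KuraException propagated from {@link IptablesConfig}
     */
    public void disable() throws KuraException {
        IptablesConfig.clearAllChains();
    }

    /** Sets the ICMP flag; it takes effect at the next applied update. */
    public void allowIcmp() {
        this.allowIcmp = true;
    }

    /** Clears the ICMP flag; it takes effect at the next applied update. */
    public void disableIcmp() {
        this.allowIcmp = false;
    }

    /** Sets the forwarding flag; it takes effect at the next applied update. */
    public void enableForwarding() {
        this.allowForwarding = true;
    }

    /**
     * Clears the forwarding flag; it takes effect at the next applied update, unless any
     * port-forward or NAT rule exists, in which case the flag is forced back on.
     */
    public void disableForwarding() {
        this.allowForwarding = false;
    }

    /**
     * Applies the rules and saves the configuration, one caller at a time.
     *
     * @throws KuraException propagated from applying or saving
     */
    private void update() throws KuraException {
        synchronized (lock) {
            applyRules();
            IptablesConfig.save();
        }
    }

    /** Linear equals() scan, so duplicates are found independently of the set's hashing. */
    private static <T> boolean containsRule(Set<T> rules, T candidate) {
        for (T existing : rules) {
            if (candidate.equals(existing)) {
                return true;
            }
        }
        return false;
    }

    /** True only for a set that exists and holds no element. */
    private static boolean isEmptyNonNull(Set<?> rules) {
        return rules != null && rules.isEmpty();
    }

    /** True for a missing set as well as for one without elements. */
    private static boolean isNullOrEmpty(Set<?> rules) {
        return rules == null || rules.isEmpty();
    }

    /** Wraps a failure in the INTERNAL_ERROR KuraException used throughout this class. */
    private static KuraException internalError(Exception cause) {
        return new KuraException(KuraErrorCode.INTERNAL_ERROR, cause, new Object[0]);
    }
}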
